RootGuard/LoopGuard/IP Source Guard Flashcards

1
Q

Which statement describes what happens when a port configured with root guard receives a superior BPDU?
A. The port goes into errdisabled state and stops forwarding traffic.
B. The port goes into BPDU-inconsistent state and stops forwarding traffic.
C. The port goes into loop-inconsistent state and stops forwarding traffic.
D. The port goes into root-inconsistent state and stops forwarding traffic.

A

D. The port goes into root-inconsistent state and stops forwarding traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
What happens when a port configured with root-inconsistent receives a superior BPDU?
A. Loop Guard
B. Root Guard
C. BPDU Guard
D. BPDU Filter
A

B. Root Guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A network engineer deployed an older switch with the same spanning-tree priority as the existing root, which caused a network outage. In which two locations should the Spanning Tree protocol root guard feature be implemented? (Choose two)
A. On the designated root switch downlinks to the access layer.
B. On all of non-root switch facing ports of the access layer
C. On the access layers root facing ports
D. On Layer 3 boundaries in the distribution layer
E. Globally on all network switches.

A

A. On the designated root switch downlinks to the access layer.
B. On all of non-root switch facing ports of the access layer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Where should the Root Guard be implemented in the network topology that Cisco recommends? (Choose two)
A. All non-root ports of the Access Switches.
B. Downstream links from Distribution to Access Switches
C. Access Switches to uplink ports to Distribution Switches
D. On Layer 3 Switches.

A

A. All non-root ports of the Access Switches.

B. Downstream links from Distribution to Access Switches

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Which command enables root guard on a Cisco switch?
A. Switch(config)#spanning-tree guard root
B. Switch(config)#spanning-tree root guard
C. Switch(config-if)#spanning-tree guard-root
D. Switch(config-if)#spanning-tree guard root
E. Switch(config-if)#spanning-tree root guardn

A

D. Switch(config-if)#spanning-tree guard root

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
Which feature do you implement so that an interface enters the root inconsistent state if it receives a superior BPDU?
A. DPDU guard
B. root guard
C. BPDU guard
D. loop guard
A

B. root guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
Which command is required for root guard for Cisco device to place ID:2071948x? (Where x is the last digit ID)
A. (config if)# spanning-tree guard root
B. (config)# spanning-tree guard root
C. (config-if)# spanning-tree root guard
D. (config)# spanning-tree root guard
A

A. (config if)# spanning-tree guard root

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which two statements are true of root guard? (Choose two)
A. Configure root guard to automatically change a designated port to a root port.
B. Configure uplinkfast on an enabled root guard interface to protect the root status of a switch.
C. Configure root guard to ensure that root guard enabled ports become designated ports.
D. Configure root guard to prevent an unauthorized switch from becoming the root switch.
E. Issue a no shutdown command to recover a port from the root-inconsistent state.

A

C. Configure root guard to ensure that root guard enabled ports become designated ports.
D. Configure root guard to prevent an unauthorized switch from becoming the root switch.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Which two commands enable loop guard on a Cisco switch? (Choose two)
A. switch(config-if)#spanning-tree guard loop
B. switch(config-if)#spanning-tree loop guard default
C. switch(config)#spanning-tree loop guard default
D. switch(config-if)#spanning-tree loopguard
E. switch(config)#spanning-tree loopguard default

A

A. switch(config-if)#spanning-tree guard loop

E. switch(config)#spanning-tree loopguard default

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
Which feature do you implement so that a physical port enter the loop inconsistent state if it fails to receive BPDUs?
A. loop guard
B. loop disable
C. root guard
D. flex links
E. BPDU ignore
F. loop block
A

A. loop guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Which two statements are true of loop guard? (Choose two)
A. Configure loop guard on root port to help detect and isolate unidirectional link failure.
B. Configure loop guard when root guard is enabled for optimal loop prevention mechanism.
C. Configure loop guard on a PortFast-enabled port to ensure optimal loop prevention mechanism.
D. Configure loop guard on a point-to-point link for an effective loop prevention mechanism.
E. Configure loop guard to prevent root port from becoming a designated port.

A

A. Configure loop guard on root port to help detect and isolate unidirectional link failure.
E. Configure loop guard to prevent root port from becoming a designated port.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
On which layer does IP source guard provide filtering to prevent a malicious host from impersonating the IP address of a legitimate host?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 7
A

B. Layer 2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
A network engineer is trying to prevent users from connecting unauthorized equipment to a production network. Which option can be campus-wide to satisfy this requirement?
A. IP Source Guard
B. switch port block
C. Uplink fast
D. private VLANs
E. BPDU Guard
A

A. IP Source Guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which feature to use against IP Spoofing at Layer 2?
A. DHCP snooping
B. port security
C. IP source guard

A

C. IP source guard

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which two statements are true when using IP Source Guard with DHCP snooping? (Choose two)
A. It is allowed to use an IP address which is in DHCP snooping database.
B. It is now (or not) allowed to use an IP address which is in DHCP snooping database.
C. It should be enabled in globally to all interfaces.

A

A. It is allowed to use an IP address which is in DHCP snooping database.
C. It should be enabled globally to all interfaces.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
Which two commands should we use to check the ip source guard bindings? (Choose two)
A. show dhcp snooping binding
B. show dhcp snooping binding database
C. show ip verify source
D. show ip source binding
A

C. show ip verify source

D. show ip source binding

17
Q

Which two statements about IP Source Guard are true? (Choose two)
A. it is enabled automatically when DHCP snooping is enabled
B. when it is first enabled, it blocks all IP packets except DHCP packets.
C. It works together with DHCP snooping to verify source IP packets
D. When it is configured on a Layer 2 port channel, it is applied only to the port channel interface
E. It must be enabled globally for all ports
F. When it is first enabled, it allows all IP packets except DHCP packets.

A

B. when it is first enabled, it blocks all IP packets except DHCP packets.
C. It works together with DHCP snooping to verify source IP packets